Reveton ransomware developers add advanced password stealer

The developers of the Reveton ransomware no longer rely solely on their ransom business model. An updated version of Reveton also steals passwords and makes the infected computer a botnet client. Previously, the ransomware only encrypted files and locked the computer, demanding that the user pay a ransom to regain access to their files.


By claiming the user had visited an illegal website, and by adding some authenticity by showing logos of government agencies and/or the police, the ransomware tricked many people into paying.

However, the malware creators apparently felt they could generate some additional income and have updated Reveton to steal passwords. The list of software and banks from which it can steal passwords is long and includes e-mail clients, poker clients, instant messaging software, and FTP and VPN clients. The Reveton update also brings the ability to steal digital currencies like Bitcoin and Litecoin.

The password-stealing feature wasn’t built by the Reveton developers; instead they use a module called Pony Stealer, which is used by other malware as well. According to Avast, it is one of the best password stealers available on the black market. The Reveton developers seem to have gone shopping some more, as they also use known exploit kits that make infecting PCs easy and a module that kills/disables antivirus software.

More information and a way to get rid of this ransomware if you’re infected can be found here.